Online graphic-design tool Canva hacked; 139 million accounts stolen

Online graphic-design tool Canva hacked; 139 million accounts stolen

Canva has contacted the FBI to investigate the data breach.

Canva, an online graphic-design tool website operated from Australia has suffered a massive data breach in which personal data of over 139 million registered users has been stolen – The breach took place on Friday, May 24.


The stolen data includes usernames, real names, email addresses, city, and country information, etc. Canva, on the other hand, has acknowledged the breach and notified users in an email claiming that their payment card and other financial data is safe.


See: Sensitive data of 80 million US households exposed online


The company further maintains that the stolen passwords are in an encrypted format and “unreadable by external parties.”


“We’re aware that a number of our community’s usernames and email addresses have been accessed. The hackers also obtained passwords in their encrypted form (for technical people – all passwords were salted and hashed with bcrypt). This means that our user passwords remain unreadable by external parties.,” Canva said in an email sent to its users.



According to ZDNet, out of 139 million, 61 million users had their passwords encrypted with the bcrypt algorithm which is pretty secure format when it comes to cracking. Moreover, the data included Google tokens used by customers to log into Canva without registering an account.


In total, 78 million users had their Gmail based email addresses exposed in the breach, ZDNet who examined the sample data has confirmed.


Canva lets users sign in with their Facebook and Gmail account however while addressing the incident, the company assured users that their Facebook and Goo ..